A customer bought a USG2250 to use as the company's egress gateway. An internal server is published to the public network through NAT Server. Internal clients cannot reach the internal server by its public IP address, while hosts on the public network can reach the server normally.
The problem was traced to the NAT Server configuration.
The customer had defined the address mapping in the nat server zone untrust form, which binds the mapping to the untrust zone, so requests from internal clients to the public address are not translated. Changing it to the nat server form, without the zone keyword, solves the problem.
The original configuration:
nat server zone untrust protocol tcp global 202.XXXX.XXX.XXX www inside 192.168.1.1 www
Modify it to:
nat server protocol tcp global 202.XXXX.XXX.XXX www inside 192.168.1.1 www
1. The ACL configuration is incorrect; the IP address does not match the ACL.
2. The NAT Server configuration is wrong.
3. The NAT policy is missing.